projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Try to enable ntp keying
[mirror/dsa-puppet.git] / modules / ntp / manifests / init.pp
diff --git a/modules/ntp/manifests/init.pp b/modules/ntp/manifests/init.pp
index dfc1517..730fbea 100644 (file)
--- a/modules/ntp/manifests/init.pp
+++ b/modules/ntp/manifests/init.pp
@@ -1,35 +1,92 @@
 class ntp {
-       package { ntp: ensure => installed }
-       file {  "/var/lib/ntp/":
-                       ensure  => directory,
-                       owner   => ntp,
-                       group   => ntp,
-                       mode    => 755
-                       ;
-               "/var/lib/ntpstats":
-                       ensure  => directory,
-                       owner   => ntp,
-                       group   => ntp,
-                       mode    => 755
-                       ;
-               "/etc/ntp.conf":
-                       owner   => root,
-                       group   => root,
-                       mode    => 444,
-                       content => template("ntp/ntp.conf"),
-                       notify  => Exec["ntp restart"],
-                       require => Package["ntp"]
-                       ;
-       }
-       exec { "ntp restart":
-               path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
-               refreshonly => true,
-       }
-        @ferm::rule { "dsa-ntp":
-                domain          => "(ip ip6)",
-                description     => "Allow ntp access",
-                rule            => "&SERVICE(udp, 123)"
+    package { ntp: ensure => installed }
+    file {
+        "/var/lib/ntp/":
+            ensure  => directory,
+            owner   => ntp,
+            group   => ntp,
+            mode    => 755
+            ;
+        "/var/lib/ntpstats":
+            ensure  => directory,
+            owner   => ntp,
+            group   => ntp,
+            mode    => 755
+            ;
+        "/etc/ntp.conf":
+            owner   => root,
+            group   => root,
+            mode    => 444,
+            content => template("ntp/ntp.conf"),
+            notify  => Exec["ntp restart"],
+            require => Package["ntp"]
+            ;
+        "/etc/ntp.keys.d":
+            owner   => root,
+            group   => ntp,
+            mode    => 750,
+            ensure  => directory,
+            ;
+    }
+    case extractnodeinfo($nodeinfo, 'timeserver') {
+        'true': { }
+        default: {
+            file {
+                "/etc/default/ntp":
+                    owner   => root,
+                    group   => root,
+                    mode    => 444,
+                    source  => [ "puppet:///ntp/etc-default-ntp" ],
+                    require => Package["ntp"],
+                    notify  => Exec["ntp restart"],
+                    ;
+
+                "/etc/ntp.keys.d/ntpkey_iff_merikanto":
+                    owner   => root,
+                    group   => root,
+                    mode    => 444,
+                    source  => [ "puppet:///ntp/ntpkey_iff_merikanto.pub" ],
+                    require => Package["ntp"],
+                    notify  => Exec["ntp restart"],
+                    ;
+                "/etc/ntp.keys.d/ntpkey_iff_orff":
+                    owner   => root,
+                    group   => root,
+                    mode    => 444,
+                    source  => [ "puppet:///ntp/ntpkey_iff_orff.pub" ],
+                    require => Package["ntp"],
+                    notify  => Exec["ntp restart"],
+                    ;
+                "/etc/ntp.keys.d/ntpkey_iff_ravel":
+                    owner   => root,
+                    group   => root,
+                    mode    => 444,
+                    source  => [ "puppet:///ntp/ntpkey_iff_ravel.pub" ],
+                    require => Package["ntp"],
+                    notify  => Exec["ntp restart"],
+                    ;
+                "/etc/ntp.keys.d/ntpkey_iff_busoni":
+                    owner   => root,
+                    group   => root,
+                    mode    => 444,
+                    source  => [ "puppet:///ntp/ntpkey_iff_busoni.pub" ],
+                    require => Package["ntp"],
+                    notify  => Exec["ntp restart"],
+                    ;
+            }
         }
+    }
+
+
+    exec { "ntp restart":
+        path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
+        refreshonly => true,
+    }
+    @ferm::rule { "dsa-ntp":
+        domain          => "(ip ip6)",
+        description     => "Allow ntp access",
+        rule            => "&SERVICE(udp, 123)"
+    }
 }
 # vim:set et:
 # vim:set sts=4 ts=4:
Unnamed repository; edit this file 'description' to name the repository.